CVE-2024-2104
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| JBL | LIVE PRO 2 TWS | * | affected |
| JBL | TUNE FLEX | * | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json
- https://certvde.com/en/advisories/VDE-2024-076
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.